Release notes - SonarXML - 2.10

Task

SONARXML-178 Update rules metadata

SONARXML-179 Update sonar-analyzer-commons to 2.7.0.1482

Release notes - SonarXML - 2.9

False Negative

SONARXML-169 [S2068] Add support for form based authentication in web.config

SONARXML-172 [S4507] Add support for web.config customErrors parameter

Task

SONARXML-176 Update rules metadata

Release notes - SonarXML - 2.8.1

Documentation

SONARXML-174 Rule S140 (XPathCheck) metadata are not up to date and do not follow LayC format.

Release notes - SonarXML - 2.8

Task

SONARXML-170 Upgrade sonar-analyzer-commons 2.5.0.1358

SONARXML-173 Update rule metadata

Release notes - SonarXML - 2.7.0.3820

Bug

• SONARXML-163 xml:XPathCheck does not support correctly "::" syntax
• SONARXML-164 NumberFormatException for "*" in S3417, unable to build dependency from "*:.*log4j"

Documentation

• SONARXML-166 Update rules metadata

Task

• SONARXML-165 Upgrade sonar-analyzer-commons to 2.1.0.1111

Release notes - SonarXML - Version 2.6.1.3686

Bug

SONARXML-162 XPathCheck supports schemeless namespace-uri() in xpath expressions

Release notes - SonarXML - Version 2.6

Improvement

SONARXML-150 cls-meta.xml files should be excluded from the scope of XML analysis

SONARXML-148 S3417 resolves versions defined as properties within the same file

New Feature

SONARXML-161 Update rules metadata

SONARXML-157 Provide OWASP Top 10 2021 security standards for rules metadata

Task

SONARXML-159 Upgrade sonar-analyzer-commons

SONARXML-158 Remove dependency on xalan

    Release Notes - SonarXML - Version 2.5
                    

Bug

• [SONARXML-149] - NPE parsing XML empty CDATA

Task

• [SONARXML-135] - Move all rules targeting XML from SonarQube Java Analyzer to SonarXML
• [SONARXML-151] - Update sonar-plugin-api to version 8.9
• [SONARXML-152] - Declare XML sensor as a sensor processing files independently
• [SONARXML-153] - Update rules metadata

    Release Notes - SonarXML - Version 2.4
                        

New Feature

• [SONARXML-137] - Rule S6358: Allowing application backup is security-sensitive
• [SONARXML-138] - Rule S5322: Receiving intents is security-sensitive
• [SONARXML-140] - Rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive

Task

• [SONARXML-144] - Update rules metadata

Improvement

• [SONARXML-139] - Rule S6359: Custom permissions should not be defined in the 'android.permission' namespace
• [SONARXML-141] - Rule S5332: Using clear-text protocols is security-sensitive
• [SONARXML-143] - S2647: remove CWE-311 from "securityStandards" to match the "See" section

False-Positive

• [SONARXML-142] - S5594 should not raise on activities expecting android.intent.action.SEND* intents

    Release Notes - SonarXML - Version 2.3
                            

Task

• [SONARXML-136] - Update rules metadata

Improvement

• [SONARXML-117] - Update description for sonar.xml.file.suffixes

False-Positive

• [SONARXML-118] - S5594 should handle activity-alias component
• [SONARXML-119] - S2068 should not raise on "android:password" attribute